[asterisk-bugs] [JIRA] (ASTERISK-26006) Show offending IP for wrong TLS usage in logs
Joshua Colp (JIRA)
noreply at issues.asterisk.org
Tue May 10 06:26:56 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-26006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=230527#comment-230527 ]
Joshua Colp commented on ASTERISK-26006:
----------------------------------------
The fact we don't log out the IP address at all here is a bug I'd say.
> Show offending IP for wrong TLS usage in logs
> ---------------------------------------------
>
> Key: ASTERISK-26006
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26006
> Project: Asterisk
> Issue Type: Improvement
> Security Level: None
> Components: Channels/chan_sip/TCP-TLS, Core/Logging
> Affects Versions: 13.8.2
> Environment: Arch Linux, KVM
> Reporter: Oleksandr Natalenko
> Severity: Minor
>
> Some tricky attackers could try to use Asterisk TLS port as HTTP/HTTPS proxy. Of course, that won't work for them, but the log is polluted with the following warnings and errors:
> {code}
> [May 10 14:21:21] ERROR[19119]: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)
> [May 10 14:21:21] WARNING[19119]: tcptls.c:684 handle_tcptls_connection: FILE * open failed!
> [May 10 14:21:21] ERROR[19141]: tcptls.c:609 handle_tcptls_connection: Problem setting up ssl connection: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
> [May 10 14:21:21] WARNING[19141]: tcptls.c:684 handle_tcptls_connection: FILE * open failed!
> {code}
> It would be nice to see offending IP here to feed the log to something like fail2ban to have attackers banned.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list